How to Deploy a Workbook to Azure Sentinel from the GitHub Repository

Deploying collateral from our GitHub repository to your Azure Sentinel instance is very similar in that it is a copy/paste operation. This guidance is specific to a Workbook. How to do it: Azure Sentinel Workbooks are located in the Workbooks folder of the GitHub repo. Locate an Analytics Rule you want in the GitHub Repo. Click the …

How to Take Advantage of the New Virus Total Logic App Connector for Your Azure Sentinel Playbooks

I saw a discussion internally today that exposed to me something I thought I might have missed, but then realized this is brand new and available in public preview for everyone to test. So - hey - time to share... In the past, we've provided Playbooks for interacting with the Virus Total service through the …

How to Deploy an Analytics Rule to Azure Sentinel from the GitHub Repository

Deploying collateral from our GitHub repository to your Azure Sentinel instance is very similar in that it is a copy/paste operation. This guidance is specific to an Analytics Rule. P.S. There are automated ways to accomplish this, but it's also a good thing to know for basic understanding. For an automated way, see Wortell's PowerShell module: AZSentinel/AzSentinel …

How to Deploy a Hunting Query to Azure Sentinel from the GitHub Repository

The official GitHub repository for Azure Sentinel exists at: https://aka.ms/ASGitHub Deploying collateral from our GitHub repository to your Azure Sentinel instance is very similar in that it is a copy/paste operation. This guidance is specific to the Hunting query. P.S. There are automated ways to accomplish this, but it's also a good thing to know for …

Improved Azure Portal View Makes Switching Between Azure Sentinel LAWs Easier

Have you seen this yet? An update to the UI for the Azure Portal makes switching between different Log Analytics workspaces (LAWs) for Azure Sentinel easier. The option to multi-select LAWs is still available, but when in the Azure Sentinel console, it's now much easier to switch between the different workspaces. If you don't like …

How to Use Azure Sentinel to Protect Against the Exchange Zero-day

If you've not heard by now, there's a 0-day in the wild that has been dubbed "HAFNIUM." HAFNIUM targets the following Exchange server versions: Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019. Exchange Online is not affected. The vulnerabilities being exploited are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and …

How to Generate Azure Sentinel Incidents for Testing

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here are a couple of easy ways to do it. These are a few of the methods I use (and have customers use) after building a customer lab. Additionally, I may update this post from time to time to include more methods, and I'm only going to …

Creating Cloud Shell Storage Resources in a Different Azure Region

I had a situation recently where I needed to test whether a specific cmdlet for the Azure Sentinel PowerShell module would run in a specific Azure region. Cloud Shell instances require storage to function. When you initiate a Cloud Shell instance and accept the defaults, it generates a random set of storage account …